In our existing application, which is tightly coupled with OpenSSL, we would like to make use of an OS X native crypto library. Related to this, I have the following questions:

  1. I believe OpenSSL does two jobs: one is to make the transport layer secure, and the second is to take care of sending & receiving data. While reading several blogs and documentation, I have come to the conclusion that I need to go with CommonCrypto & NSStream, where CommonCrypto is used for encryption & decryption, and NSStream will be used to send & receive data. Please correct me if that sounds wrong.

  2. NSStream seems to be a non-blocking framework, while our existing application would benefit from a blocking mechanism. Is there any way around this?

Chris Markle
Amitg2k12

1 Answer

Thanks for looking at it,

Secure Transport Reference is the key to look into it...

Amitg2k12
  • Be careful with Apple's `SecureTransport` for 10.8 through 10.8.4. It's got a bug where it can't negotiate TLSv1.2 `ECDHE-ECDSA` protocols as advertised. Apple fixed it in 10.8.5, but they did not patch downlevel clients. The bug is likely present in iOS too. OpenSSL has a workaround via the `SSL_OP_SAFARI_ECDHE_ECDSA_BUG` context option. – jww Jan 28 '14 at 04:25